Posted by samzenpus on Monday March 30, 2015 @03:17PM from the it-wasn't-us dept.

An anonymous reader writes: At the Regular Press Conference on March 30, China's Foreign Ministry Spokesperson Hua Chunying responded to the charge of a DDoS attack on GitHub. She said: "It is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner."

Uhh I thought the retiring head of Mossad bragged about being the one who made Stuxnet? Don't get me wrong, NSA I'm sure has their fingers in a lot of dirty pies but if the head of a major nation state spy agency takes credit for attacking an enemy of the state using spy techniques? Unless evidence goes to the contrary I'd probably believe 'em.

Well, it's actually quite plausible. That doesn't mean you should believe it. Lots of things are believable that aren't true.

The interesting thing is, I can't think of how they could either make it believable that they did it or that they didn't do it. In some things there are no good grounds for having a belief in either (any) direction.

The thing is, all the governments I've paid any attention to lie so often that you would do well to use a roulette wheel to decide HOW they are lying in any particular statement. And "They're telling the truth" would be the 00 slot of the wheel. But belief should occur only when there is reasonably grounded evidence...and then it shouldn't be committed belief, because governments are quite able to fabricate evidence when they find it worth the effort.

But the actual traffic is international and there's nothing odd in it. It's the actual source of the attack - the hijacked Baidu script that changed non-Chinese visitors of Chinese pages into botnet (well, not really, but very botnet-like) nodes instructed to attack GitHub - that without any doubt came from the Great Firewall of China. It might not be the government, but unless there's a massive man-in-the-middle attack covering the whole non-Chinese Internet, it's definitely something that comes from China.

Mikko Hyppönen, the chief research officer of cybersecurity firm F-Secure, said the attack was likely to have involved Chinese authorities because the hackers were able to manipulate Web traffic at a high level of China's Internet infrastructure. It appeared to be a new type for China, he added. "It had to be someone who had the ability to tamper with all the Internet traffic coming into China," he said.

Though Baidu is the largest search engine in China by several measures, the attack appeared to use traffic from its users outside the country, security experts said. When a user navigated to the Baidu search engine, they said, a code was activated that sent continuous requests for data from the user’s computer to GitHub. By tapping overseas users, the hackers made the attack harder to block, because the requests to GitHub came from all over the world and looked like typical requests for information.

And also the motive is very clear for China to attack Github. Not so clear for anyone else.

Just playing Devil's Advocate here...but doesn't a country having a wide publicly known motive also make that country a prime target for framing? (Not saying that China didn't do it; as the evidence is considerably against them.)

Yes, but it also implies that someone has a goal in mind by framing China. Either to hide their own activities or to make China look bad.

Who else has the motive to take down GitHub? Organized crime could, but what do they get out of it? The US Government could, but what would the goal be?

Unless someone provides motives for other players at that level to make that attack, it's probably China. Simple internet trolls might know how to operate such an attack but probably not the capacity to perform it.

So there is some circumstantial evidence and the conclusion that because the hack was executed at a high level, it must be the government. And then the accusation that China is motivated to take down Github, even though that is clearly a futile goal that never had any serious chance of working. Maybe for a few hours, but it's not like Github would just give up and close, and the projects it hosts would call it quits too. So it is so highly skilled that only a government could do it, but also incredibly naiv

While that's reasonable circumstantial evidence, I don't know that it couldn't have been done by someone else, and the balance of the opinion seems to be that it, indeed, could be done by someone else.

OTOH, it's not clear who else would have a motive. And, governments not being any more monolithic than corporations, it could quite well have been some department (or actor within a department) acting without any knowledge by the official spokesman, and either with, or without, approval by higher organization

Thank you for that post. You summed up more information than I had seen on the subject. I had just assumed when reading the /. article that GreatFire was just a reference to the source of the attack; I had never heard of the software.

I wonder if GreatFire has a donation link...Googling does not answer this question for me though.

It's not their logic that is not good, it's your summary that is not good. They aren't saying that the fact that they get hacked a lot proves that they don't hack. They're saying that a lot of people jump to the conclusion that any hacking incident must be from China in spite of the fact that there are a lot of hackers from outside of China. The point of saying that they are often the victim of hacking is to emphasize that there are non-Chinese hackers.

And this generalization has been proven false somehow? I have worked for 25+ years focused on IT Security. Complex hacks come from China. Spammers, porn, etc. come from Russia. Script kiddies from just about everywhere else. Since the US has access to US data, there is not a whole lot of us hacking ourselves.

Since China controls the "great wall" anything going outbound becomes suspect for government sponsorship. Large attacks have to be, because there is no way they don't know what's coming in and g

Wait...really? You don't believe the NSA but you'll believe a government official from a country that has killed millions of its OWN people? Wow. I mean, NSA basically stands for National Shitfilled Agency, but I'll believe them in a heartbeat over these buggers.

Look up mass murder by communist regimes. Look up what happened to the democracy movement in China. Well, assuming you aren't in China, where you aren't free to do so.

Get your head out of your rear and actually get a clear picture of the regime in

Last time you checked where? Churchill didn't allow the Coventry bombing to go through. There was a screwup in the system, which meant the Germans got an unopposed shot at Coventry. As a general rule, the Allies acted on their intelligence, although they constantly tried to provide plausible excuses how they could have gotten the information otherwise. Pearl Harbor was avoidable, in that the Japanese didn't have to do it. What do you think the US should have done to prevent it? Send warning messages

Have you even checked what this attack looks like? The traffic is *NOT* coming from Chinese servers, but that's not the point. That's actually why it's so powerful.
Baidu serves the malicious JavaScript in place of their analytics tracking script. Inside of China it's normal, but when it goes through the Great Firewall it gets changed to a malicious script that turns any visitors of webpages with the Baidu script (Google Analytics equivalent) attached to them into part of a DDoS.
The way that script worked initially was actually pretty hilarious. It attached a new tag to the page with the src attribute being a GitHub URL. This allowed GitHub to replace the content under those URLs with "alert('WARNING: malicious script detected');", which got executed in every browser that was turned into an attacker (and due to the blocking nature of alert, limiting the impact).
Of course there's more to that and the techniques used by the attackers changed over the past days - for instance, now TCP SYN floods have started as well. But the fact is that there's definitely some big Chinese player behind it, even if it's actually not the most likely one - the government.
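As an added example (not code from the thread, GitHub or Baidu), here is a small Python auditor for the weakness the comment above describes: a third-party script fetched over plain HTTP can be rewritten by anything on the path, which is how an analytics tracker becomes an attack payload. It lists the script tags in a page, flags those loaded over HTTP or from another origin without a Subresource Integrity hash, and computes the SRI value a site would pin. The sample HTML and the domain names in it are constructed.

```python
"""Audit <script src> tags for exposure to in-transit modification.

Added example, not code from the thread or from any project it mentions.
The sample HTML and hostnames below are constructed for illustration.
"""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptTagCollector(HTMLParser):
    """Collect the attribute dicts of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            # HTMLParser lowercases attribute names for us
            self.scripts.append(dict(attrs))


def audit_scripts(html, page_scheme="https"):
    """Return a list of (src, finding) for script tags that an on-path
    attacker could alter. page_scheme is the scheme the page itself was
    served with; protocol-relative and relative src values inherit it."""
    parser = ScriptTagCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.scripts:
        src = attrs.get("src")
        if not src:
            continue  # inline script: travels with the page, not fetched separately
        url = urlparse(src)
        scheme = url.scheme or page_scheme
        if scheme == "http":
            findings.append((src, "loaded over plain HTTP: modifiable by anyone on the path"))
        elif url.netloc and "integrity" not in attrs:
            # cross-origin script with no SRI pin: a compromised or hijacked CDN
            # can serve anything and the browser will run it
            findings.append((src, "third-party script without Subresource Integrity hash"))
    return findings


def sri_for(content: bytes) -> str:
    """SRI integrity value (sha384, base64) for a known-good script body."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


# Constructed sample page: one HTTP tracker, one unpinned CDN script,
# one pinned CDN script, one inline script and one same-origin script.
SAMPLE_HTML = """
<html><head>
<script src="http://hm.example-analytics.test/hm.js"></script>
<script src="//cdn.example.test/lib.js"></script>
<script src="https://cdn.example.test/lib2.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>var inlineOk = 1;</script>
<script src="/local/app.js"></script>
</head><body></body></html>
"""


if __name__ == "__main__":
    for src, finding in audit_scripts(SAMPLE_HTML):
        print(f"{src}: {finding}")
    print("integrity=", sri_for(b"var inlineOk = 1;"))
```

Run against a page served over HTTPS, the auditor reports the HTTP tracker and the unpinned CDN script; if the page itself is served over HTTP (pass `page_scheme="http"`), the protocol-relative and same-origin scripts are flagged too, since the whole page is then open to rewriting on the path. Pinning a third-party script with the `integrity` value from `sri_for` makes the browser refuse a body that does not match, which is exactly the failure mode described in the comment.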

Firstly, Canada did not admit this. There was a disclosure as part of the Snowden documents that mentioned false flags.

Secondly, the disclosed claim concerned the intelligence forces claiming they were capable of performing false flag operations, not that they had ever done so. The document was a pretty sparse high-level rundown of capabilities, barely more than a PowerPoint presentation (or maybe it was a PowerPoint presentation).

Second, a report says that a US website was under hacker attack, and the source of the attack was from China. How do you respond?

On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner.

Thanks for the quote... it's interesting to note that he's implying that others won't cooperate with them on regulating the 'net. The truth on that claim would be somewhere between them making unreasonable (whether impractical or unpalatable - we've seen what sort of regulation they do on their own) demands, this statement being false, or the "China hopes to" weasel language being key - allowing that they never tried. Not much said indeed.

Russia and China are reliable liars when it comes to denying what others have caught them doing. Very much like a child that got caught with a hand in the cookie jar. I do not believe denials that come out of either country.

Not really true. Many intelligence agencies use a "no comment" policy when caught. For instance the NSA's response when caught was that they refused to comment on the veracity of any documents that they considered to have been obtained illegitimately.

There's a solution to DDoS in IPv6 called the "NAK packet" which is a simple request for upstream routers to not relay any more traffic from the address or addresses that is sending the abusive data. Basically, it's like asking a firewall in between to rule out the bad data.

When some router sends packets in your direction you generally say "ACK" for it worked and "RST" for start over at a certain point... "NAK" means "I got it, but I don't like it, no more of that for me please!"

Firewalls can only stop traffic once it travels the line to your side... what would be better is to have a firewall at ISP side of the line to reject traffic you don't want so your line doesn't get overloaded but lets the good traffic through.

Your honor, I'd like to remind you that as a member of the Crips, my client is constantly facing risks to his life including up to being gunned down in the street. Therefore he clearly could not have committed that drive by shooting of the Bloods.

Take a look at the attack code, people. It's very clear this is a state-sponsored attack using Baidu; they are targeting VPN software hosted on GitHub that's used to bypass firewall restrictions in China.

It's not like Baidu would randomly install attack code against GitHub for "no reason". Additionally, it's been 125 hours now & they still haven't taken it down.

I'd actually be more likely to believe it's a desperate US or UK agency trying to prove why they need to take our freedoms away than China. There's so much anti-China stuff out there. Why pick GitHub? But as well apparently British Airways and Slack are being attacked. What would China have against British Airways? Something doesn't quite make sense.

You'd have to convince everyone outside china to block Baidu. And as for blocking GitHub for Chinese users, China would love that. The only reason they're not blocking GitHub is that so many Chinese engineers use it. If someone outside China blocked it for them, they'd be killing two birds with one stone: censoring the VPN info and making another country look bad.

Because blocking Baidu will hurt their interest and stopping GitHub will cause more unrest and show their population what their government is doing? Maybe I agree with you on the second point after thinking a bit more.

This country was founded by progressives. With the notable exception of slavery (because some smug fuckwit will always think that pointing out the inconsistency somehow makes them edgy, or clever), the US and its devotion to individual freedoms was pretty novel at the time.